<?php
/**
* @copyright Copyright (C) eZ Systems AS. All rights reserved.
* @license For full copyright and license information view LICENSE file distributed with this source code.
*/
namespace EzSystems\PlatformHttpCacheBundle\Controller;
use FOS\HttpCache\ResponseTagger;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\HttpFoundation\Request;
use eZ\Publish\Core\MVC\ConfigResolverInterface;
use Symfony\Component\HttpKernel\EventListener\SessionListener;
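class InvalidateTokenController
{
    /** Name of the response header that carries the invalidation token. */
    public const TOKEN_HEADER_NAME = 'X-Invalidate-Token';

    /**
     * Media type a caller must announce in Accept, and which the token reply is served as.
     * The Varnish .vcl matches on this value, so it must stay in sync with the VCL.
     */
    private const TOKEN_MEDIA_TYPE = 'application/vnd.ezplatform.invalidate-token';

    /**
     * @var \eZ\Publish\Core\MVC\ConfigResolverInterface
     */
    private $configResolver;

    /**
     * Shared max-age, in seconds, applied to the token response.
     *
     * @var int
     */
    private $ttl;

    /**
     * @var \FOS\HttpCache\ResponseTagger
     */
    private $tagHandler;

    /**
     * @param ConfigResolverInterface $configResolver Resolves the `http_cache.varnish_invalidate_token` parameter.
     * @param int $ttl Shared max-age in seconds for the token response.
     * @param ResponseTagger $tagHandler Tags the response so it can be purged via the `ez-invalidate-token` tag.
     */
    public function __construct(ConfigResolverInterface $configResolver, $ttl, ResponseTagger $tagHandler)
    {
        $this->configResolver = $configResolver;
        $this->ttl = $ttl;
        $this->tagHandler = $tagHandler;
    }

    /**
     * Serves the Varnish invalidation token to trusted proxies only.
     *
     * The token is a shared secret between the application and the reverse proxy, so two
     * gates protect it: the request must originate from a configured trusted proxy
     * (otherwise 401), and it must carry the exact invalidate-token Accept media type
     * (otherwise 400). The .vcl relies on the Accept check as well, so do not loosen it.
     *
     * @param Request $request
     *
     * @return Response
     */
    public function tokenAction(Request $request)
    {
        $response = new Response();

        // isFromTrustedProxy() is only as strict as the trusted-proxy configuration
        // (Request::setTrustedProxies); an over-broad proxy list widens who can read the token.
        if (!$request->isFromTrustedProxy()) {
            $response->setStatusCode(Response::HTTP_UNAUTHORIZED, 'Unauthorized');

            return $response;
        }

        // Important to keep this condition, as .vcl rely on this to prevent everyone from being able to fetch the token.
        if ($request->headers->get('accept') !== self::TOKEN_MEDIA_TYPE) {
            $response->setStatusCode(Response::HTTP_BAD_REQUEST, 'Bad request');

            return $response;
        }

        // Tag the response so a purge on 'ez-invalidate-token' drops any cached copy (e.g. when the token changes).
        $this->tagHandler->addTags(['ez-invalidate-token']);

        $headers = $response->headers;
        $headers->set('Content-Type', self::TOKEN_MEDIA_TYPE);
        $headers->set(
            self::TOKEN_HEADER_NAME,
            $this->configResolver->getParameter('http_cache.varnish_invalidate_token')
        );

        // The reply is shared-cacheable for $ttl seconds; Vary: Accept keeps the cached copy keyed on
        // the media type that gated it above, so it should not be served to requests lacking that Accept.
        $response->setSharedMaxAge($this->ttl);
        $response->setVary('Accept', true);

        // Prevent Symfony's SessionListener from downgrading Cache-Control to private.
        $response->headers->set(SessionListener::NO_AUTO_CACHE_CONTROL_HEADER, '1');

        return $response;
    }
}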